By: Jon Gabay, Mouser Staff Writer
Introduction
As more and more devices connect to the globally accessible internet, there are growing concerns about security, protection and privacy. Almost every device sold today has network connectivity: cell phones, laptops, desktops, TVs, home automation interfaces, and medical devices. Even military systems rely heavily on the Internet of Things, connecting ships, planes, tanks, drones, soldier wearables, and bases to improve operational efficiency.
By now, even everyday consumers are familiar with passwords, human-versus-bot checks (CAPTCHAs), machine identification by IP and MAC address, and location identification via GPS or cellular positioning. But there is now more machine-to-machine communication than human-to-machine communication, and machines need different identity verification techniques. Any connected device that an ill-intentioned party can take over can be used to cause a lot of damage to people and property.
As the military, government, citizens, first responders and critical infrastructure become interconnected, it is increasingly important that machines and devices verify who they are communicating with and confirm that the communication is protected.
Encryption and authentication techniques have tightened, but it is still a cat-and-mouse game: when one safeguard fails, a new one is imposed.
Whether you are a frequent user of IoT devices, a facility executive, or an IoT device designer, understanding the basics of IoT authentication is critical to securing yourself, your product design, or your organization.
What security means
The Internet was never designed to be a secure network. It began as an information-sharing platform among government research institutes and universities. Transmission Control Protocol/Internet Protocol (TCP/IP) wraps each data payload in headers that carry the source and destination addresses used for routing, and it still works that way today. Packets can take multiple paths and even arrive out of order, requiring reassembly at the receiver. The original application protocols sent everything, passwords included, in the clear, and access to a network segment meant access to every device on it.
The Internet amplifies the threat because both wired and wireless networks can be compromised and IP and MAC addresses can be spoofed. Over high-speed 5G connections, massive amounts of data can be exfiltrated very quickly.
There are legitimate reasons to worry beyond a compromised garage door opener, Portal, Echo or Alexa. As our IoT and network connections continue to expand, a disruption could halt vital services; utility networks and even medical equipment could be compromised.
IoT needs secure access
There are many ways to get into a data stream. IoT devices are particularly vulnerable because they are often unattended wireless nodes that can be subjected to local interference and spoofing. Studies such as Palo Alto Networks' 2020 IoT Threat Report found that 98% of IoT device traffic is unencrypted; leaving encryption out keeps field devices cheap and easy to manufacture, at the cost of exposing everything they send.
For example, a sophisticated intruder could take control of your alarm system, camera feed, and Wi-Fi network by jamming and spoofing from your driveway.
To counter local or endpoint intrusions, use every encryption option the device offers; many devices ship with encryption disabled by default. Change default passwords and logins, and where the device supports it, prefer key- or certificate-based login over passwords. It is also helpful to review the login history the device keeps: repeated failed attempts or logins from unfamiliar addresses are a signal to increase vigilance.
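The login-history review described above, as an added example that is not part of the original article or of any vendor's firmware. The log format (one line per attempt: timestamp, user, source address, result) and the sample lines are constructed for the example; adapt the parser to whatever your device exports.

```python
"""Flag suspicious entries in an IoT device's login history.

Added example for this article, not code from the original page or from
any device vendor. The log format below is an assumption: one line per
attempt, 'timestamp user source result', as many embedded web UIs emit.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a legitimate admin from the LAN, then a burst of
# failed attempts from an outside address followed by a success.
SAMPLE_LOG = """\
2024-03-01T08:00:01 admin 192.168.1.20 OK
2024-03-01T08:30:15 admin 192.168.1.20 OK
2024-03-01T22:14:02 admin 203.0.113.45 FAIL
2024-03-01T22:14:03 admin 203.0.113.45 FAIL
2024-03-01T22:14:05 root 203.0.113.45 FAIL
2024-03-01T22:14:06 admin 203.0.113.45 FAIL
2024-03-01T22:14:08 admin 203.0.113.45 FAIL
2024-03-01T22:14:11 admin 203.0.113.45 OK
2024-03-02T07:55:40 admin 192.168.1.20 OK
"""

FAIL_THRESHOLD = 4             # failures from one source inside the window
WINDOW = timedelta(minutes=5)


def parse(log_text):
    """Parse lines into (time, user, source, result) tuples; skip blanks."""
    entries = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        entries.append((datetime.fromisoformat(ts), user, src, result))
    return entries


def review_logins(log_text, known_sources):
    """Return a list of alert strings.

    Two checks: (1) a burst of failures from one source within WINDOW
    (brute forcing), and (2) any successful login from a source not in
    the operator's known set, which on a home device almost always means
    the credentials have leaked.
    """
    alerts = []
    recent_fails = defaultdict(list)      # source -> timestamps of failures
    bursts_reported = set()
    for ts, user, src, result in parse(log_text):
        if result == "FAIL":
            fails = recent_fails[src] + [ts]
            # Keep only failures inside the sliding window.
            recent_fails[src] = [t for t in fails if ts - t <= WINDOW]
            if len(recent_fails[src]) >= FAIL_THRESHOLD and src not in bursts_reported:
                bursts_reported.add(src)
                alerts.append(f"brute-force pattern: {len(recent_fails[src])} failures "
                              f"from {src} by {ts.isoformat()}")
        elif result == "OK" and src not in known_sources:
            alerts.append(f"successful login for {user} from unknown source {src} "
                          f"at {ts.isoformat()}")
    return alerts


if __name__ == "__main__":
    for alert in review_logins(SAMPLE_LOG, {"192.168.1.20"}):
        print(alert)
```

On the constructed sample the review raises two alerts: the burst of failures from 203.0.113.45 and the successful login that follows it. A success right after a burst from the same source is the pattern that should trigger an immediate credential change.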
Unfortunately, there are also many ways into the network that carries the stream. Non-local intrusions occur when someone takes control of wireless routers, access points, central office switches and routers, wired-to-wireless link transports, or international transit routers. From such a position an attacker can mount a "man-in-the-middle" attack, intercepting and altering traffic between two parties that believe they are talking directly. Getting there often means exploiting undocumented or poorly protected management access in network equipment, including backdoors left by manufacturers for law enforcement and intelligence services.
Intruding into the communication data stream is the most direct way to compromise security. Once the send and receive paths have been intercepted and redirected through the attacker, the device can be hijacked: it can be made to emit anonymous spam or take part in DDoS attacks, and malware can be delivered to it. If the intruder can mimic a firmware upgrade so that the device accepts and runs the attacker's code, the malware gains control of the device itself, which is why update images must be authenticated before they are installed.
Modern methods and techniques
One-way authentication is the familiar process of providing a username and password when prompted. Only one side of the connection, the user, is authenticated; the service the user is talking to proves nothing about itself. The larger problem is that usernames and passwords get compromised: collected and stored in many locations on many different devices, they are reused, phished and leaked, which makes the technique convenient but relatively ineffective for any real security.
Two-way authentication adds a layer on top of the username and password. Both ends of the communication must verify something the other has: a one-time code issued by the other end, a hardware token, or even a biometric such as a fingerprint.
Three-way authentication adds more hurdles and verification requests. Every additional constraint lengthens the flow for the user, which deters time-sensitive applications and their users. Public-key authentication is stronger than usernames and passwords and far more resilient against brute-force attacks, because the private key never leaves the device and cannot be guessed the way a password can.
Key pairs are the de facto authentication method in protocols such as SSH and are widely used in IoT devices. Shared-secret authentication is symmetric: both sides hold the same secret, which must be distributed through a secure channel, and it works well as long as no man-in-the-middle was present when the secret was shared. Decentralized access and control can make man-in-the-middle attacks harder to execute than against a centralized authentication service. Note the bootstrapping problem: a secure channel is needed to establish the secret that will later secure the transmission, which is why device secrets are commonly provisioned at manufacture or exchanged with public-key cryptography.
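The one-way versus two-way distinction and the shared-secret scheme described above, as an added example that is not code from the original article or from any product. It shows a mutual challenge-response over a pre-shared secret: each side proves it holds the secret by computing an HMAC over fresh nonces, the secret itself is never transmitted, and a recorded exchange cannot be replayed. The message layout, the 16-byte nonces and the per-device secret are assumptions made for the example.

```python
"""Mutual (two-way) challenge-response authentication over a shared secret.

Added example for this article; it is not code from the original page or
from any product. The message layout, the 16-byte nonces and the
per-device secret are assumptions. Both sides prove they hold the secret
without ever sending it, and each proof is bound to fresh nonces so a
recorded exchange cannot be replayed.
"""
import hashlib
import hmac
import secrets

# Constructed: a per-device secret provisioned at manufacture.
DEVICE_ID = b"sensor-0042"
DEVICE_SECRET = bytes.fromhex("7f3a9c1e5b2d4a6f8e0c1b3d5f7a9c2e")


def _mac(key, *parts):
    """HMAC-SHA256 over labelled parts; the label stops a device proof
    being reused as a server proof."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Device:
    def __init__(self, dev_id, secret):
        self.id, self.secret = dev_id, secret
        self.nonce = None

    def respond(self, server_nonce):
        """Answer the server's challenge and issue our own."""
        self.nonce = secrets.token_bytes(16)
        proof = _mac(self.secret, b"dev", self.id, server_nonce, self.nonce)
        return self.nonce, proof

    def verify_server(self, server_proof):
        """Second half of mutual auth: does the server know our secret?"""
        expected = _mac(self.secret, b"srv", self.id, self.nonce)
        return hmac.compare_digest(expected, server_proof)


class Server:
    def __init__(self, keys):
        self.keys = keys          # device id -> secret
        self.seen = set()         # (id, device nonce) pairs already accepted

    def challenge(self):
        return secrets.token_bytes(16)

    def verify_device(self, dev_id, server_nonce, device_nonce, proof):
        """Return the server's own proof if the device proof is valid, else None."""
        key = self.keys.get(dev_id)
        if key is None or (dev_id, device_nonce) in self.seen:
            return None                      # unknown device or replayed nonce
        expected = _mac(key, b"dev", dev_id, server_nonce, device_nonce)
        if not hmac.compare_digest(expected, proof):
            return None
        self.seen.add((dev_id, device_nonce))
        return _mac(key, b"srv", dev_id, device_nonce)


def mutual_auth(device, server):
    """Run the exchange. Returns ((server_accepted_device, device_accepted_server),
    transcript), where transcript is what an eavesdropper would capture."""
    c = server.challenge()
    n, p = device.respond(c)
    transcript = (device.id, c, n, p)
    srv_proof = server.verify_device(*transcript)
    if srv_proof is None:
        return (False, False), transcript
    return (True, device.verify_server(srv_proof)), transcript


if __name__ == "__main__":
    dev = Device(DEVICE_ID, DEVICE_SECRET)
    honest = Server({DEVICE_ID: DEVICE_SECRET})
    print("honest server:", mutual_auth(dev, honest)[0])        # (True, True)
    print("rogue server: ", mutual_auth(dev, Server({}))[0])    # (False, False)
```

Compare this with one-way password login: against a rogue server the device here reveals nothing usable, whereas a password sent to a rogue server is captured outright. The captured transcript is also useless for replay, because the server remembers device nonces it has accepted and issues a new challenge every time.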
For a facility, biometrics are an option for devices that humans interact with. Fingerprint, retinal scan and facial recognition are additional layers of protection you might require before granting access to sensitive data. These methods are not feasible for machine-to-machine authentication, however; machines must rely on cryptographic keys, either public/private key pairs or shared secrets.
Public keys are widely used and generally secure, and either a third-party certificate authority or the company itself can act as the authority that issues digital certificates binding a key to an identity. The issuer signs the certificate with an algorithm such as RSA, and anyone holding the issuer's public key can validate that signature; a hash of the certificate gives a unique hexadecimal fingerprint for referring to it. Individual certificates are combined into a chain, each signed by the next, up to a trusted root.
As with any widely deployed technology, standards bodies define the formats and practices so that everything built on them operates in a reliable, well-understood way. X.509 digital certificates, issued and controlled by a globally trusted certificate authority, are standardized in IETF RFC 5280. A certificate binds a public key to its owner's identity, the issuer's signature attests to that binding, and only the holder of the matching private key can prove ownership of the certificate.
Asymmetric public-key cryptosystems raise the bar against an adversary who can get into the data stream but cannot break the keys in real time. Traffic exposed to a sniffer on the wire can be recorded and post-processed offline until a key is recovered, so while real-time control and access may be denied, no recorded data should be considered safe forever: with sufficient computing resources, or a future break in the algorithm, captured traffic can be decrypted later. Forward secrecy (fresh ephemeral keys for each session) limits how much one recovered key exposes.
Adding dedicated hardware to IoT devices can reduce processing requirements and verification time. In the Trusted Platform Module (TPM) approach, a chip or module on the device stores a device-specific key for authentication and performs the cryptographic operations itself, so the key never leaves it. A firmware TPM can be implemented without a discrete chip by running the TPM code inside a trusted execution environment of the main processor, at the cost of a weaker isolation boundary. For clients that cannot be fully trusted, a device can be given a Shared Access Signature (SAS) token instead of a long-lived key: the token is a keyed signature over a resource URI and an expiry time, so it grants access to only a limited subset of functionality for a limited period, and a leaked token cannot be used by a hostile party to take over the whole device or fleet.
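The SAS token mechanism described above, as an added example that is not code from the original article. The token layout follows what Azure IoT Hub documents for per-device SAS tokens (sr is the resource URI, se the Unix expiry time, sig a base64 HMAC-SHA256 over the URL-encoded sr, a newline, and se, keyed with the device key). The hub name, device name and key are constructed placeholders, and validate_sas is a stand-in for the service side, written to show the three checks a verifier must enforce: lifetime, authenticity, and scope.

```python
"""Issuing and checking a Shared Access Signature (SAS) token.

Added example for this article; not code from the original page. The
token layout follows what Azure IoT Hub documents for per-device SAS
tokens: sr is the resource URI, se the Unix expiry time, and sig a
base64 HMAC-SHA256 over "<URL-encoded sr>\n<se>" using the device key.
The hub name, device name and key below are constructed placeholders,
and validate_sas is a stand-in for the service side written to show
the three checks a token verifier must enforce.
"""
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote_plus, urlencode

HUB = "example-hub.azure-devices.net"                       # assumed host name
DEVICE = "sensor-0042"
DEVICE_KEY_B64 = base64.b64encode(b"\x01" * 32).decode()   # constructed key
PREFIX = "SharedAccessSignature "


def sas_signature(resource_uri, key_b64, expiry_epoch):
    """base64(HMAC-SHA256(key, urlencode(sr) + "\n" + se))."""
    to_sign = f"{quote_plus(resource_uri)}\n{expiry_epoch}".encode()
    digest = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def generate_sas(resource_uri, key_b64, expiry_epoch):
    """Token a device (or a provisioning service acting for it) presents."""
    sig = sas_signature(resource_uri, key_b64, expiry_epoch)
    return PREFIX + urlencode({"sr": resource_uri, "sig": sig, "se": str(expiry_epoch)})


def validate_sas(token, device_keys, requested_resource, now):
    """Accept only a token that is authentic, unexpired and scoped to the
    resource being requested. device_keys maps device id -> base64 key."""
    if not token.startswith(PREFIX):
        return False
    fields = parse_qs(token[len(PREFIX):])
    try:
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError, IndexError):
        return False
    if now >= se:                                   # check 1: lifetime
        return False
    device_id = sr.rsplit("/", 1)[-1]               # .../devices/<id>
    key_b64 = device_keys.get(device_id)
    if key_b64 is None:
        return False
    expected = sas_signature(sr, key_b64, se)
    if not hmac.compare_digest(expected, sig):      # check 2: authenticity
        return False
    # check 3: scope. A device token authorizes that device's own resource
    # and its sub-paths only, never another device or the hub registry.
    return requested_resource == sr or requested_resource.startswith(sr + "/")


if __name__ == "__main__":
    now = 1_700_000_000
    uri = f"{HUB}/devices/{DEVICE}"
    token = generate_sas(uri, DEVICE_KEY_B64, now + 3600)
    print(token)
    print(validate_sas(token, {DEVICE: DEVICE_KEY_B64}, uri, now))   # True
```

The scope check is the one most often forgotten: a signature that verifies under the key of sensor-0042 must not authorize a request for sensor-0043's resource, and the signature alone does not say which resource is being requested. Keep the expiry short (minutes to hours) so a stolen token has little value.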
Regardless of the strategy, the goal is to prove possession of the key without revealing the key itself, which is what a challenge-response exchange or a digital signature does. A separate but related goal is verifying the integrity of each endpoint's memory, firmware and software. A checksum or CRC over the firmware block only catches accidental corruption; an attacker who modifies the image can simply recompute it. Detecting tampering requires a cryptographic hash of the image that is signed by the vendor (or covered by a keyed MAC) and checked against a key held by the device's root of trust.
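The CRC-versus-MAC point above, and the forged firmware upgrade from the earlier section, as an added example that is not code from the original article. The firmware image and the device key are constructed. The attacker edits a setting in the image; with a CRC trailer they recompute it and the image verifies, with a keyed MAC trailer they cannot, so the tampered image is rejected.

```python
"""A CRC is not an integrity check against an attacker; a MAC or signature is.

Added example for this article; not code from the original page. The
firmware image and the device key are constructed. A CRC detects
accidental corruption, but anyone who can change the image can recompute
it. A keyed MAC cannot be recomputed without the key; in production a
digital signature checked against a vendor public key held by the root
of trust is preferred, so no device carries a secret that could sign
firmware for the whole fleet.
"""
import hashlib
import hmac
import zlib

ORIGINAL_IMAGE = b"FWv1.2.3|debug_uart=off|" + bytes(range(64))   # constructed
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")     # constructed
CRC_LEN, MAC_LEN = 4, 32


def crc_protect(image):
    """Image followed by CRC32, as simple bootloaders store it."""
    return image + zlib.crc32(image).to_bytes(CRC_LEN, "little")


def crc_verify(blob):
    """Return the image if its CRC matches, else None."""
    image, crc = blob[:-CRC_LEN], int.from_bytes(blob[-CRC_LEN:], "little")
    return image if zlib.crc32(image) == crc else None


def mac_protect(image, key):
    """Image followed by HMAC-SHA256 under the device's key."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def mac_verify(blob, key):
    """Return the image if its tag verifies under key, else None."""
    image, tag = blob[:-MAC_LEN], blob[-MAC_LEN:]
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return image if hmac.compare_digest(expected, tag) else None


def attacker_rewrite(blob, trailer_len, old, new):
    """What an intruder posing as an update server does: edit a setting in
    the image and fix up the trailer as best they can. With a CRC that is
    trivial (recompute it); with a MAC the old tag is all they have."""
    image = blob[:-trailer_len].replace(old, new)
    if trailer_len == CRC_LEN:
        return crc_protect(image)
    return image + blob[-trailer_len:]


if __name__ == "__main__":
    flip = (b"debug_uart=off", b"debug_uart=on!")
    evil_crc = attacker_rewrite(crc_protect(ORIGINAL_IMAGE), CRC_LEN, *flip)
    print("CRC accepts tampered image:", crc_verify(evil_crc) is not None)            # True
    evil_mac = attacker_rewrite(mac_protect(ORIGINAL_IMAGE, DEVICE_KEY), MAC_LEN, *flip)
    print("MAC accepts tampered image:", mac_verify(evil_mac, DEVICE_KEY) is not None)  # False
```

A keyed MAC still has a fleet-level weakness: the same key that verifies an image can create one, so if it is shared across devices, a single extracted key lets an attacker sign firmware for all of them. That is why production secure boot uses a signature verified with a public key, which can be burned into every device without giving any of them the ability to sign.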
The quantum dilemma
As quantum computing heats up, businesses, governments and even individuals can now rent time on small quantum computers through cloud services, and a sufficiently large machine could break today's public-key encryption in near real time. The U.S. government is studying the risks that quantum computers pose to blockchains and to the public-key cryptography they and other systems depend on.
While it is not feasible to build blockchain-based protection into a thermostat, it is considered a valid option for high-security sites. The remaining question is how easily its cryptography can be broken by a quantum computer.
Because a register of qubits can hold many values in superposition at once, Shor's algorithm can factor large integers and compute discrete logarithms efficiently, which breaks RSA and elliptic-curve keys. Separately, at the heart of all cryptography is the ability to obtain truly random numbers from a reliable source. In practice pseudo-random number generators are used because generating true randomness is difficult; that is safe only when the generator is cryptographically strong and seeded with enough real entropy.
If an attacker knows how the generator was seeded (a timestamp, a serial number, a short counter) or how many bits of entropy it actually holds, the work needed to recover a key drops from the key length to the seed length. Observing a sequence of the generator's outputs (session IDs, nonces) lets statistical and state-recovery attacks reconstruct the generator state and predict the keys it will produce next.
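The seed-recovery attack described above, as an added example that is not code from the original article. The "device" is a constructed toy that seeds Python's Mersenne Twister (the random module) from its boot timestamp, a pattern seen on devices without a hardware entropy source; the timestamps and the key and nonce sizes are assumptions. The attacker knows the generator and roughly when the device booted, which turns a 128-bit key search into a few hundred seed guesses, after which the next nonce is predictable as well.

```python
"""Recovering keys produced by a weakly seeded pseudo-random generator.

Added example for this article; not code from the original page. The
"device" below is a constructed toy that seeds Python's Mersenne Twister
(the random module) from its boot timestamp, a pattern seen on devices
without a hardware entropy source. Knowing the generator and roughly
when the device booted collapses a 128-bit key search into a few
hundred seed guesses, and once the seed is known every later output
(here a session nonce) is predictable too.
"""
import random
import secrets


def weak_device_secrets(boot_time):
    """Bad design: a 128-bit key and a 64-bit session nonce drawn from a
    non-cryptographic generator seeded with the boot time."""
    rng = random.Random(boot_time)
    key = rng.getrandbits(128).to_bytes(16, "big")
    nonce = rng.getrandbits(64).to_bytes(8, "big")
    return key, nonce


def strong_device_secrets():
    """Correct design: draw from the OS CSPRNG, which is seeded from
    hardware entropy and not reproducible from a small seed."""
    return secrets.token_bytes(16), secrets.token_bytes(8)


def recover_seed(observed_key, boot_estimate, window):
    """Attacker: brute-force seeds within +/-window seconds of the estimate.
    Returns the seed reproducing the key, or None if none matches."""
    for seed in range(boot_estimate - window, boot_estimate + window + 1):
        if weak_device_secrets(seed)[0] == observed_key:
            return seed
    return None


def predict_nonce(seed):
    """With the seed recovered, replay the generator to get the nonce the
    device will use next, without ever having observed it."""
    return weak_device_secrets(seed)[1]


if __name__ == "__main__":
    true_boot = 1_700_000_123
    key, nonce = weak_device_secrets(true_boot)
    seed = recover_seed(key, true_boot + 40, 300)
    print("seed recovered:", seed == true_boot)                 # True
    print("nonce predicted:", predict_nonce(seed) == nonce)    # True
    print("CSPRNG key recoverable:",
          recover_seed(strong_device_secrets()[0], true_boot, 300) is not None)   # False
```

The search window here is ten minutes; on a real device the attacker can often narrow it from a boot message, a TLS ClientHello timestamp or a log line. The fix is not a bigger seed drawn from the same clock but a generator fed by a hardware entropy source (or the OS CSPRNG), which is what secrets.token_bytes provides.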
Encryption and protection using quantum technology itself is also possible. As scientists learn to entangle photons and electrons with greater stability and persistence, quantum key distribution will let each endpoint detect whether someone is observing or tampering with the key exchange, because measuring a quantum state disturbs it. While this may seem out of reach for anyone outside government research institutes and universities, China has demonstrated long-range quantum-secured links, including relay nodes carried on drones for critical communications, that can be rapidly deployed and repositioned when needed.
Conclusion
For end users of devices: many devices support encryption, so turn it on and keep it on. Change passwords periodically, using long combinations of letters, numbers and symbols. Never use predictable passwords, and never derive a new password from the old one by changing only a prefix or suffix. The same applies to on-premises and cloud services. Your wired or wireless router also needs its own administrator name and password, with encryption enabled.
For facility managers and security executives: secure boot needs to be set up and used, anchored in a reliable root of trust (RoT). Because software updates can be initiated remotely over the network, secure boot, which verifies each stage of firmware before running it, is an excellent way to protect IoT devices from the start. A reliable root of trust can use hardened hardware modules to perform verification: firmware measurements, runtime state analysis, identity reporting and so on.
A reliable root of trust can also protect storage by sealing areas of sensitive data so that access is blocked unless the device is in a known-good state. Additionally, the root of trust can put the device into a safe state if a software glitch or error occurs during initialization.
As a designer of IoT devices, you need to understand existing technologies in order to achieve interoperability. The choices differ for wired and wireless links: Transport Layer Security and its predecessor (TLS/SSL), Internet Protocol Security (IPsec), and, for Wi-Fi, private pre-shared keys (PPSK) so that each device gets its own credential rather than one shared network password. In addition to IPsec, wired links need firewalls.
As a designer, it is also important to understand the technologies that will emerge in the future. One to watch is Fully Homomorphic Encryption (FHE). It allows additions and multiplications to be performed directly on ciphertext while still yielding valid results once decrypted. With FHE you can process data without decrypting it, so a compromised processing node never sees plaintext, which greatly reduces the risk of data theft.
We will have more options and opportunities in the future, but remember that nothing is completely secure if the data stream is accessible. Individuals may be low-priority targets, but a compromise of larger systems affects all of us, especially in times of international turmoil. The IoT world may be moving fast, but that does not mean it is safe; we must remain vigilant and keep developing effective solutions for unpredictable situations.